Intelligent Build.tech Issue 04 | Page 31

AT GROUND LEVEL
combination of email security controls, group policy to minimise the chance of a malicious file being delivered/opened and user awareness programmes.
• Keep abreast of the latest developments in the tactics, techniques and procedures (TTPs) of ransomware activity, in addition to tracking groups known to be targeting your sector; this is the best way to stay ahead of the curve from this pernicious activity.
• Use the trends identified in this report to inform your own threat model and act accordingly. It’s always better to ‘stay left of boom’ and act in a proactive manner. Prevention is always a better approach than remediation.
Mike McPherson, SVP of Technical Operations at ReliaQuest, offers further commentary on the attacks on the construction sector and how it can prevent them.
The report findings reveal that the construction sector is the most targeted by cybercriminals – why do you think this is?
In the eyes of financially motivated cybercriminals, the construction sector is highly targeted due to the belief the industry is steeped in deadlines and not tolerant to delays or interruptions.
Whether the construction sector is actually more intolerant of delays or interruptions than other sectors is irrelevant. Cybercriminals will strike wherever they perceive opportunity.
How frequent are ransomware attacks on the construction sector and how can this be prevented?
The only proven way to combat the scourge of ransomware attacks is to improve resilience by hardening defences and prevent the threat actors’ ability to gain initial access and establish persistence across the victim network. Common mitigation strategies include:
• Employees must be educated on the risks associated with phishing and social engineering. This must be combined with effective controls in place to detect and prevent malicious emails from reaching corporate inboxes.
• Multi-Factor Authentication (MFA) must also be used on corporate accounts to minimise the risk from stolen credentials, which is one of the most common methods of facilitating access.
• Identity and Access Management (IAM) processes must be hardened, with high-risk vulnerabilities promptly patched.
• Secure remote services, such as remote desktop protocol (RDP) and virtual private networks (VPN), to prevent exploitation.
• Ensure proper backups of corporate data. There are several methods of managing backup strategies, including the 3-2-1 method. The concept of the 3-2-1 backup strategy is that three copies are made of the data to be protected, the copies are stored on two different types of storage media and one copy of the data is sent off site.
How can construction companies shape a ransomware resiliency strategy and deploy this effectively?
Table-top exercises are another essential practice to incorporate into strategic planning to counter the ransomware threat. These exercises provide a safe environment to practice and explore potential responses to a cyberattack.
What does the future hold for security in construction?
The future for security in the construction sector, similar to most other sectors, will rely upon the ability to understand and adapt to the ever-shifting tactics, techniques and procedures (TTPs) of these criminal groups. The threat is not static and neither should a company’s defences. Table-top exercises which align against the adversary’s TTPs are critical steps which potential victims must conduct at regular intervals. If the tabletop exercise is treated like a compliance checklist, the company is bound to end up on a Dark Web listing of breached victims. These exercises must also be forward-looking and include areas such as the movement of Operational Technology (OT) systems being integrated with traditional Information Technology (IT). The trend of OT moving from older yet less susceptible technology – such as air-gapped or obscure operating systems – being brought in line with modern IT only increases the potential victim’s attack surface and makes it more susceptible to intrusion.
There is no silver bullet to protecting the construction sector. Understand the threat. Understand your vulnerabilities against the threat. Enact a plan to mitigate your vulnerabilities. All of this is easy to say; none of it is easy to do on a consistent basis.
Mike McPherson, SVP of Technical Operations at ReliaQuest